SRX

Good afternoon.
I set srx220h, connected to two different ISPs.
The following setup is responsible for switching between them:

routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 2##.###.###.129;
            qualified-next-hop 1##.###.###.29 {
                preference 7;
            }
            preference 5;
        }
    }
}

 qualified-next-hop switch to another hop, when the primary is not available. However, it is often the situation when the main provider does not have access to the Internet (although the main gateway is available). In this regard, there is a need to set up SRX - he could to throw routes through the second gateway in the absence of the Internet at the main provider.
possible for this configuration is necessary bfd-liveness-detection?
Help me, please.

Hi,

Your best option is to use one of the following as you would need to establish BFD sessions with routers not in your control.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB22052

http://kb.juniper.net/InfoCenter/index?page=content&id=KB24362

As Steve pointed out in the below article also, tracking to the ISP DNS server has proved fruitful for him.

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Internet-Failover-Question/m-p/242948#M29847

Hi,MMcD

I followed the instructions on your links, causing received the following configuration:

[edit]
+  routing-instances {
+      FBF-1 {
+          instance-type forwarding;
+          routing-options {
+              static {
+                  route 0.0.0.0/0 next-hop #main-ISP-GW#;
+              }
+          }
+      }
+      FBF-2 {
+          instance-type forwarding;
+          routing-options {
+              static {
+                  route 0.0.0.0/0 next-hop #second-ISP-GW#;
+              }
+          }
+      }
+  }
+  services {
+      rpm {
+          probe Probe-Server {
+              test testsvr {
+                  target address #main-ISP-DNS#;
+                  probe-count 10;
+                  probe-interval 5;
+                  test-interval 10;
+                  thresholds {
+                      successive-loss 10;
+                      total-loss 5;
+                  }
+                  destination-interface ge-0/0/0.0;
+                  next-hop #main-ISP-GW#;
+              }
+          }
+          probe Probe-Server1 {
+              test testsvr {
+                  target address #second-ISP-DNS#;
+                  probe-count 10;
+                  probe-interval 5;
+                  test-interval 10;
+                  thresholds {
+                      successive-loss 10;
+                      total-loss 5;
+                  }
+                  destination-interface ge-0/0/1.0;
+                  next-hop #second-ISP-GW#;
+              }
+          }
+      }
+      ip-monitoring {
+          policy Server-Tracking {
+              match {
+                  rpm-probe Probe-Server;
+              }
+              then {
+                  preferred-route {
+                      routing-instances FBF-1 {
+                          route 0.0.0.0/0 {
+                              next-hop #second-ISP-GW#;
+                          }
+                      }
+                  }
+              }
+          }
+          policy Server-Tracking1 {
+              match {
+                  rpm-probe Probe-Server1;
+              }
+              then {
+                  preferred-route {
+                      routing-instances FBF-2 {
+                          route 0.0.0.0/0 {
+                              next-hop #main-ISP-GW#;
+                          }
+                      }
+                  }
+              }
+          }
+      }
+  }

 Is that enough? Configuration will automatically switch to the case of unavailability of DNS-server main provider?

Thanks in advance for your reply!

also another question - Do I remove the configuration lines?:

routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 2##.###.###.129;
            qualified-next-hop 1##.###.###.29 {
                preference 7;
            }
            preference 5;
        }
    }
}

Hi,

Yes , those configuration lines needs to be removed.

routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 2##.###.###.129;
            qualified-next-hop 1##.###.###.29 {
                preference 7;
            }
            preference 5;
        }
    }
}

Regards,

rparthi

does not work, SRX can not connect through any gateway 😞

Finally, I still found the right configuration.
It turns out that this code can not be deleted, you need only a part, responsible for the qualified-next-hop.

routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop ###ISP-1-GW###;
            preference 5;
        }
    }
}

 And the script is configured without routing-instances, directly from the routing-options:

    rpm {
        probe Probe-Server {
            test testsvr {
                target address ###ISP-1-DNS###;
                probe-count 10;
                probe-interval 5;
                test-interval 10;
                thresholds {
                    successive-loss 10;
                    total-loss 5;
                }
                destination-interface ge-0/0/0.0;
                next-hop ###ISP-1-GW###;
            }
        }
    }
    ip-monitoring {
        policy Server-Tracking {
            match {
                rpm-probe Probe-Server;
            }
            then {
                preferred-route {
                    route 0.0.0.0/0 {
                        next-hop ###ISP-2-GW###;
                    }
                }
            }
        }
    }